Reviewers: kpreid2,

Description:
Adds test for IE11 strict nested function defs scoping bug.
Adds stack display to explicit.html
Corrects some typos

Please review this at https://codereview.appspot.com/43490045/

Affected files (+74, -6 lines):
  M     src/com/google/caja/ses/debug.js
  M     src/com/google/caja/ses/explicit.html
  M     src/com/google/caja/ses/logger.js
  M     src/com/google/caja/ses/repairES5.js
  M     src/com/google/caja/ses/startSES.js


Index: src/com/google/caja/ses/debug.js
===================================================================
--- src/com/google/caja/ses/debug.js    (revision 5645)
+++ src/com/google/caja/ses/debug.js    (working copy)
@@ -163,7 +163,7 @@
      (function() {
        var FFFramePattern = (/^([^@]*)@(.*?):?(\d*)$/);

-       // stacktracejs.org suggests that this indicates FF. Really?
+       // stacktracejs.com suggests that this indicates FF. Really?
        function getCWStack(err) {
          var stack = err.stack;
          if (!stack) { return void 0; }
Index: src/com/google/caja/ses/explicit.html
===================================================================
--- src/com/google/caja/ses/explicit.html       (revision 5645)
+++ src/com/google/caja/ses/explicit.html       (working copy)
@@ -152,6 +152,30 @@
   })();
 </script>

+<script>
+  (function() {
+    "use strict";
+    if (!ses.ok()) {
+      return;
+    }
+
+    var src =
+        'function foo() { throw Error("Expand me to see stack"); }\n' +
+        'function foo2() { foo(); }\n' +
+        'function foo3() { foo2(); }\n' +
+        'foo3();\n';
+
+    var stack = 'nothing caught';
+    try {
+      cajaVM.eval(src);
+    } catch (er) {
+      ses.logger.info('Expected error: ', er);
+      return;
+    }
+    ses.logger.error('Missing expected error');
+  })();
+</script>
+
 <script src="makeQ.js"></script>
 <script src="makeFarResourceMaker.js"></script>
 <script src="compileExprLater.js"></script>
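Review bot: `var stack = 'nothing caught';` in the added script is assigned and never read, so it is dead code; drop the line or use it in the message logged when no error is caught. The catch block also accepts any thrown value as the expected one, so an unrelated failure inside `cajaVM.eval(src)` would be logged at info level as 'Expected error'. Checking the message before logging, for example `if (!/Expand me/.test(String(er))) { ses.logger.error('Unexpected error: ', er); return; }`, would stop this demo from hiding a regression.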
Index: src/com/google/caja/ses/logger.js
===================================================================
--- src/com/google/caja/ses/logger.js   (revision 5645)
+++ src/com/google/caja/ses/logger.js   (working copy)
@@ -163,8 +163,8 @@
       // We don't do "console.apply" because "console" is not a function
       // on IE 10 preview 2 and it has no apply method. But it is a
       // callable that Function.prototype.apply can successfully apply.
-      // This code most work on ES3 where there's no bind. When we
-      // decide support defensiveness in contexts (frames) with mutable
+      // This code must work on ES3 where there's no bind. When we
+      // decide to support defensiveness in realms with mutable
       // primordials, we will need to revisit the "call" below.
       apply.call(console[level], console, [''].concat(args));

Index: src/com/google/caja/ses/repairES5.js
===================================================================
--- src/com/google/caja/ses/repairES5.js        (revision 5645)
+++ src/com/google/caja/ses/repairES5.js        (working copy)
@@ -2853,6 +2853,39 @@
     });
   }

+  /**
+   * Detects
+ * https://connect.microsoft.com/IE/feedback/details/811124/ie11-javascript-function-scoping-is-weird-with-respect-to-functions-and-try-catch
+   * in strict code.
+   *
+   * A strict nested function definition should either be a syntax
+   * error, as ES5 specifies, or it should stay local to its block, as
+   * ES6 specifies. Within that block, an assignment to that
+   * function's name should assign to the block-local variable defined
+   * by that function.
+   */
+  function test_NESTED_STRICT_FUNCTIONS_LEAK() {
+    try {
+      return unsafeEval(
+        '(function() {\n' +
+          '  "use strict";\n' +
+          '  var a = function good() { return false; };\n' +
+          '  try {\n' +
+          '    function a() { return true; }' +
+          '    a = function blah() {\n' +
+ ' return "Assignment skipped nested function definition";\n' +
+          '    };\n' +
+          '  } catch (x) {}\n' +
+          '  return a();\n' +
+          '})();\n');
+    } catch (err) {
+      if (err instanceof SyntaxError) {
+        return false;
+      }
+      return 'Unexpected error from strict nested function: ' + err;
+    }
+  }
+
   ////////////////////// Repairs /////////////////////
   //
   // Each repair_NAME function exists primarily to repair the problem
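Review bot: The doc comment on `test_NESTED_STRICT_FUNCTIONS_LEAK` does not say what its possible results mean, although the evaluated program can yield `false`, `true` or one of two strings. I would add a sentence such as `Returns false if the outer 'a' is still the one called (or the nested definition is a SyntaxError), true if the nested definition replaced it, and a string if the assignment reached the outer variable or an unexpected error was thrown.` The source line `'    function a() { return true; }' +` is the only one without a trailing `\n`, so the assignment shares a line with the declaration in the evaluated text; adding `\n` keeps any reported line numbers meaningful. The empty `catch (x) {}` inside the string looks deliberate, since the linked report concerns functions inside try/catch, and a short comment saying so would keep it from being tidied away.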
@@ -4526,6 +4559,17 @@
           // appears on Safari only
       sections: ['15.2.3.9', '15.2.3.12'],
       tests: []  // hopefully will be in ES6 tests
+    },
+    {
+      id: 'NESTED_STRICT_FUNCTIONS_LEAK',
+      description: 'Strict nested functions leak from block scope',
+      test: test_NESTED_STRICT_FUNCTIONS_LEAK,
+      repair: void 0,
+      preSeverity: severities.UNSAFE_SPEC_VIOLATION,
+      canRepair: false,
+ urls: ['https://connect.microsoft.com/IE/feedback/details/811124/ie11-javascript-function-scoping-is-weird-with-respect-to-functions-and-try-catch'],
+      sections: [],
+      tests: []  // hopefully will be in ES6 tests
     }
   ];
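Review bot: This entry has `repair: void 0` and `canRepair: false` at `severities.UNSAFE_SPEC_VIOLATION`, so on an affected browser the problem is only reported, never fixed, and nothing in the entry says why that severity was chosen. Whether SES still starts there depends on the acceptable-severity setting, which is outside this hunk. I would add a comment above `preSeverity`, for example `// Not repairable from script: strict code can observe a block-level function outside its block.` `sections: []` is also empty although the test's doc comment cites both ES5 and ES6 behaviour, so listing the relevant section numbers would make the entry traceable. The array this entry is appended to starts outside the hunk.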

Index: src/com/google/caja/ses/startSES.js
===================================================================
--- src/com/google/caja/ses/startSES.js (revision 5645)
+++ src/com/google/caja/ses/startSES.js (working copy)
@@ -781,11 +781,11 @@
     ses.makeCompiledExpr = makeCompiledExpr;

     /**
-     * Compiles {@code src} as a strict expression into a function
+     * Compiles {@code exprSrc} as a strict expression into a function
      * of an {@code imports}, that when called evaluates {@code
      * exprSrc} in a virtual global environment whose {@code this} is
-     * bound to that {@code imports}, and whose free variables
-     * refer only to the properties of that {@code imports}.
+     * bound to that {@code imports}, and whose free variables refer
+     * only to the properties of that {@code imports}.
      *
      * <p>The optional {@code opt_mitigateOpts} can be used to control
      * which transformations are applied to src, if they are

